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Application/Control Number: 10/830,127 
Art Unit: 2136 

DETAILED ACTION 

This action is in response of the original filing of April 24 th , 2004. 
pending and have been considered below. 

Claim Objections 

1 . Claims 15,31, and 47 are objected to because of the following informalities: the 
claims end with a double period. Appropriate correction is required. 

Claim Rejections - 35 USC § 101 

Claim 33-48 are drawn to a computer readable medium, which the applicant has 
defined in the specification (page 6, line 1) to encompass an electronic transmission 
signal. The Office considers an electronic signal to be a form of energy. Energy is not 
a series of steps or acts and this is not a process. Energy is not a physical article or 
object and as such is not a machine or manufacture. Energy is not a combination of 
substances and therefore not a compilation of matter. Thus, an electronic transmission 
signal does not fall within any of the four categories of invention. Therefore, Claims 33- 
48 are not statutory. 

Claims 1-3, 17-19 are non-statutory. The claims do no appear to recite a physical 
transformation and thus appear to be relying on producing a useful, concrete, tangible 
result to establish a practical application. Claim 1 recites the step of providing, 
identifying, opening, determining, and performing without producing a tangible result. 



Page 2 



Claims 1-48 are 



Application/Control Number: 10/830,127 Page 3 

Art Unit: 2136 

Claim Rejections • 35 USC § 102 

2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

3. Claims 1-5, 17-21, 33-37 are rejected under 35 U.S.C. 102(b) as being 
anticipated by McGee et al (US 6694434). 

Claims 1,17, 33: McGee et al discloses a method, a system, and a computer 
recording medium for controlling program execution and program distribution 
comprising: 

i. Providing a database of known good software (application 
registration data is a list of hash value of approved application) (column 5, 
lines 13-32); 

ii. Opening a file (if an executable file open commencement request is 
detected) (column 1 1 , lines 3-35); 

iii. Identifying the file being opened (the processor retrieves file filter 
criteria as shown in block 510. File filter criteria include any suitable data 
identifier) (column 1 1 , lines 3-35); 

iv. Determining whether an entry exists in the database of known good 
software for the 

identified file (As shown in block 516, the node uses its hash value 
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generator to generate a hash of the program designated for execution and 
compares the generated hash value with the stored hash values on the 
approved hash list. This is shown in block 518. If the generated hash 
value appears on the approved hash list, the processor grants 
executability to the program designated for execution as shown in block 
520) (column 11, line 37 to column 12 line 4); and 
v. Performing at least one of allowing and preventing the opening of 
the file from continuing based on the result of the determination (As such, 
the process may occur in fore ground or background operation and 
prevents an executable program from being run if it does not appear on 
the approved hash list. As shown in block 522, if the hash value generated 
by the receiving processor does not match the hash value on the 
approved hash list, the system prevents the executable file data from 
executing and may optionally record the non-approval condition based on 
the comparison, log the event and/or inform the user) (column 11, line 37 
to column 12 line 4). 

Claims 2, 18, 34: McGee et al discloses a method, a system, and a computer 
recording medium for controlling program execution and program distribution as 
in claims 1,17, and 33 above, and further discloses that the file comprises an 
executable file (The system may compare a location of the executable file data 
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with the location of approved executable file data indicated by the application 
registration data in the list) (column 4, lines 7-11, column 8, lines 60-65). 



Claims 3, 19, 35: McGee et al discloses a method, a system, and a computer 
recording medium for controlling program execution and program distribution as 
. in claims 2, 18, and 34 above, and further discloses the executable file comprises 
an application (the application registration data contains a plurality of first unique 
application verification) (column 3 line 64 to column 4 line 4). 

Claims 4, 20, 36: McGee et al discloses a method, a system, and a computer 
recording medium for controlling program execution and program distribution as 
in claims 1,17, and 33 above, and further discloses that the step of identifying 
the file being opened comprises determining a unique value of the file, the unique 
value being a hash value generated according to a hashing algorithm and 
comparing the unique value to entries in the database of known good software 
(an approved stored list of hash values for approved executable files for 
programs, for example, is generated by a trusted party. Prior to allowing 
individual program execution by the first-party, the first-party generates or 
retrieves a second unique application verification data element, such as a hash 
value, of an executable file designated for execution on a processing device, 
such as a computer or the communication unit. The stored hash values from the 
list are evaluated and compared to the generated hash value. The first-party 
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system grants program executability on a per-program basis based on the 
comparison of the pre-stored hash values and hash value generated by the party 
having the program designated for execution)(column 4, lines 5-35). 

Claims 5, 21 , 37: McGee et al discloses a method, a system, and a computer 
recording medium for controlling program execution and program distribution as 
in claims 4, 20, and 36 above, and further discloses that the step of the 
performing at least one of allowing and preventing the opening of the file from 
continuing comprises allowing the file to continue to be opened if it is determined 
that the determined unique value corresponds to an entry in the database of 
known good software (As such, the process may occur in fore ground or 
background operation and prevents an executable program from being run if it 
does not appear on the approved hash list. As shown in block 522, if the hash 
value generated by the receiving processor does not match the hash value on 
the approved hash list, the system prevents the executable file data from 
executing and may optionally record the non-approval condition based on the 
comparison, log the event and/or inform the user) (column 11, line 37 to column 
12 line 4). 

4. Claims 6, 12-16, 22, 28-32, 38, 44-48 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over McGee et al (US 6694434) in view of Dozortsev (US 
6944772). 
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Claims 6, 22, 38: McGee et al discloses a method, a system, and a computer 
recording medium for controlling program execution and program distribution as 
in claims 1,17, and 33 above, but does not explicitly discloses a step of providing 
a database of unfamiliar software. However, Dozortsev discloses a method, a 
system, and a computer-recording medium for identifying verification of 
executable code, which further discloses a database of unfamiliar software and 
determining whether an entry exists in the database of unfamiliar software for the 
identified file (if the signature is flagged "received under investigation", the 
message reading "the executable code is being investigate" is forwarded to the 
client)(column 7 line 14 to column 8 line 41). Therefore, it would be obvious to 
one having ordinary skills in the art at the time the invention was made to provide 
a database of unfamiliar software in McGee etal 's disclosure. One would have 
been motivated to provide such a database in order to maintain the integrity of 
the system by not allowing malicious code to be executed. 

Claims 12, 28, 44: McGee et al and Dozortsev disclose a method, a system, 
and a computer recording medium for controlling program execution and 
program distribution as in claims 6, 22, and 38 above, and McGee et al further 
discloses a step of adding an entry to the database of unfamiliar software if an 
entry for the file being opened is not found in at least one of the database for 
known good software and the database for unfamiliar software (the trusted 
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authority selects the candidate programs that, for example, are to be passed 
through a hash function and made part of the approved hash list. The central 
authority may obtain this information by entry through a graphic user interface by 
a system administrator or may have the information automatically downloaded 
from another source)(column 12, lines 19-63). 

Claims 13, 29, 45: McGee et al and Dozortsev disclose a method, a system, 
and a computer recording medium for controlling program execution and 
program distribution as in claims 6, 22, and 38 above, and McGee et al further 
discloses a step of placing at least one operating system call hook if it is 
determined that an entry exists in the database for unfamiliar software (a 
matching of hash values based on the entire executable file from a list of 
approved hash values results in the calling application being granted access to 
execute) (column 13, lines 30-38). 

Claims 14, 30, 46: McGee et al and Dozortsev disclose a method, a system, 
and a computer recording medium for controlling program execution and 
program distribution as in claims 13, 29, and 45 above, and McGee et al further 
discloses that the operating system call hook notifies a Trojan notification service 
that a file corresponds to an entry in the database for unfamiliar software (If the 
computed unique application verification data does not match the stored unique 
application verification data, the user is notified that the application is listed in the 
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application registration but may have been upgraded or it is an unauthorized 
application as indicated in block 74) (column 8, lines 16-22). 

Claims 15,31, 47: McGee et al and Dozortsev disclose a method, a system, 
and a computer recording medium for controlling program execution and 
program distribution as in claims 14, 30, and 46 above, and McGee et al further 
discloses that the Trojan notification service prompts a user for input regarding 
whether the operating system call should be passed along (The system then 
generates a signal (for example, resulting in a prompt to the user) (column 8, 
lines 25-30). 

Claims 16, 32, 48: McGee et al and Dozortsev disclose a method, a system, 
and a computer recording medium for controlling program execution and 
program distribution as in claims 15, 31, and 47 above, and McGee et al further 
discloses that the step of opening of the file is allowed to proceed if the operating 
system call is passed along (The user is then prompted to indicate whether 
execution privileges should be granted to the application as shown in block 86. 
This may be done, for example, through a graphic user interface. If the user 
responds indicating that execution privileges should be granted, the application is 
then added to the application registration list as shown in block 88)(column 8, 
lines 41-65). 
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5. Claims 7, 23, 39 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
McGee etal (US 6694434) in view of Dozortsey (US 6944772) as applied to claims 6, 
22, and 38 above, and further in view of Liu etal (US 6760752). 

Claims 7, 23, 39: McGee et al and Dozortsev disclose a method, a system, and 
a computer recording medium for controlling program execution and program 
distribution as in claims 6, 22, and 38 above, while neither of them explicitly 
discloses a step of providing a time stamp. However, Liu et al discloses a 
method, a system and a computer recording medium for securely transferring a 
message from a sender to a receiver, which further discloses a step of providing 
date stamp information for each entry in the database for unfamiliar processes 
indicating a date on which the entry was first made (a time stamp process and a 
status retrieval process) (column 25 line 57 to column 26 line 45, Figs. 2 B item 
262, 8 A and 8B). Therefore, it would have been obvious to one of ordinary skill 
in the art at the time the invention was made to modify the combined method, 
system, and computer recording medium of McGee et al and Dozortsev such as 
to a provide a time stamp information for each entry. The motivation of doing so 
would have been to ensure the integrity of information sent over a network. 

Claims 10-11, 26-27, 42-43 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over McGee et a I (US 6694434) and Dozortsev (US 6944772) in view of Liu et al (US 
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6760752) and further in view of Verma (US 7140042). 

Claims 10, 26, 42: McGee et al , Dozortsev , and Liu et al disclose a method, a 
system, and a computer recording medium for controlling program execution and 
program distribution as in claims 7, 23, and 39 above, while neither of them 
explicitly discloses a step of determining the amount of time. However, Verma 
discloses a method, a system and a computer recording medium preventing 
software piracy, which further discloses a step of determining an amount of time 
an entry has been in the database for unfamiliar processes by comparing the 
date stamp information with a current date (column 5, lines 8-20). Therefore, it 
would have been obvious to one of ordinary skill in the art at the time the 
invention was made to modify the combined method, system, and computer- 
recording medium of McGeeetal, Dozortsev and Liu et al such as to determine 
a time limit. The motivation of doing so would have been to keep in track of the 
usage of the application. 

Claims 1 1 , 27,43: McGee et al , Dozortsev , Liu et al and Verma disclose a 
method, a system, and a computer recording medium for controlling program 
execution and program distribution as in claims 7, 23, and 39 above, and 
Dozortsev further discloses a step of moving an entry from the database for 
unfamiliar software to the database for known good software if it is determined 
that the entry has been in the database for unfamiliar software for a sufficient 
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period of time (column 10, lines 39-56, Fig. 2). Therefore, it would have been 
obvious to one of ordinary skill in the art at the time the invention was made to 
modify the combined method, system, and computer-recording medium of 
McGee et al , Lui et al and Verma such as to determine a time limit. The 
motivation of doing so would have been to ensure the integrity of information sent 
over a network. 

6. Claims 8-9, 24-25, 40-41 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over McGee etal (US 6694434) in view of Dozortsev (US 6944772) in 
further in view of Verma (US 7140042). 

Claims 8, 24, 40: McGee etal and Dozortsev disclose a method, a system, and 
a computer recording medium for controlling program execution and program 
distribution as in claims 6, 22, and 38 above, while neither of them explicitly 
discloses a step of providing a number of times corresponding to the opening of 
an entry. However, Verma discloses a method, a system and a computer 
recording medium preventing software piracy/which further discloses a step of 
providing a value for each entry in the database for unfamiliar software indicating 
a number of times a file corresponding to the entry was opened (column 1 1 , lines 
44-57). Therefore, it would have been obvious to one of ordinary skill in the art at 
the time the invention was made to modify the combined method, system, and 
computer-recording medium of McGee et al and Dozortsev such as to provide 
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the number of time the was opened. The motivation of doing so would have 
been to keep in track of the usage of the application. 

Claims 9, 25, 41 : McGee et al and Dozortsev disclose a method, a system, and 
a computer recording medium for controlling program execution and program 
distribution as in claims 8, 24, and 40 above, while neither of them explicitly 
discloses a step of providing a number of times a file has been executed. 
However, Verma discloses a method, a system and a computer-recording 
medium preventing software piracy, which further discloses a step of providing a 
value comprises the number of times an executable in file has been executed 
(column 1 1 , lines 44-57). Therefore, it would have been obvious to one of 
ordinary skill in the art at the time the invention was made to modify the 
combined method, system, and computer-recording medium of McGee et al and 
Dozortsev such as to determine the number of time a file has been executed. 
The motivation of doing so would have been to keep in track of the usage of the 
application. 



Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Fatoumata Traore whose telephone number is (571) 



Application/Control Number: 10/830,127 



Page 14 



Art Unit: 2136 

270-1685. The examiner can normally be reached Monday through Thursday from 7:00 
a.m. to 4:00 p.m. and every other Friday from 7:30 a.m. to 3:30 p.m. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nassar G. Moazzami, can be reached on (571) 272 4195. The fax phone 
number for Formal or Official faxes to Technology Center 2100 is (571) 273-8300. Draft 
or Informal faxes, which will not be entered in the application, may be submitted directly 
to the examiner at (571) 270-2685. 

Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the Group Receptionist whose telephone number is 
(571)272-2100. 

FT Nassar G. Moazzami 

Wednesday, August 15, 2007 Supervisory Patent Examiner 




